目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

CVE-2026-43319— Linux kernel 安全漏洞

AI Predicted 5.9 Difficulty: Easy EPSS 0.09% · P1

Affected Version Matrix 12

ベンダープロダクトVersion Rangeステータス
LinuxLinuxa720416d94634068951773cb9e9d6f1b73769e5b< fabfed1afe273717ea33b8aee46b767360edbb80affected
a720416d94634068951773cb9e9d6f1b73769e5b< f8431b8672231d378b03176fe74c95adfd3522cfaffected
a720416d94634068951773cb9e9d6f1b73769e5b< e341e18215030af2136836b78508e0d798916df7affected
a720416d94634068951773cb9e9d6f1b73769e5b< 41ccfac7d302968a4f32b5f7b012d066c5f5cdf8affected
a720416d94634068951773cb9e9d6f1b73769e5b< 40534d19ed2afb880ecf202dab26a8e7a5808d16affected
6.2affected
< 6.2unaffected
6.6.142≤ 6.6.*unaffected
… +4 more rows
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2026-43319の基本情報

脆弱性情報

脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
spi: spidev: fix lock inversion between spi_lock and buf_lock
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: spi: spidev: fix lock inversion between spi_lock and buf_lock The spidev driver previously used two mutexes, spi_lock and buf_lock, but acquired them in different orders depending on the code path: write()/read(): buf_lock -> spi_lock ioctl(): spi_lock -> buf_lock This AB-BA locking pattern triggers lockdep warnings and can cause real deadlocks: WARNING: possible circular locking dependency detected spidev_ioctl() -> mutex_lock(&spidev->buf_lock) spidev_sync_write() -> mutex_lock(&spidev->spi_lock) *** DEADLOCK *** The issue is reproducible with a simple userspace program that performs write() and SPI_IOC_WR_MAX_SPEED_HZ ioctl() calls from separate threads on the same spidev file descriptor. Fix this by simplifying the locking model and removing the lock inversion entirely. spidev_sync() no longer performs any locking, and all callers serialize access using spi_lock. buf_lock is removed since its functionality is fully covered by spi_lock, eliminating the possibility of lock ordering issues. This removes the lock inversion and prevents deadlocks without changing userspace ABI or behaviour.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于spidev驱动中spi_lock和buf_lock锁顺序不一致,可能导致死锁。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
LinuxLinux a720416d94634068951773cb9e9d6f1b73769e5b ~ fabfed1afe273717ea33b8aee46b767360edbb80 -
LinuxLinux 6.2 -

II. CVE-2026-43319の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2026-43319のインテリジェンス情報

登录查看更多情报信息。

CVE-2026-43319 补丁与修复 (5)

Same Patch Batch · Linux · 2026-05-08 · 197 CVEs total

CVE-2026-434029.8 CRITICALkthread: consolidate kthread exit paths to prevent use-after-free
CVE-2026-433849.8 CRITICALnet/tcp-ao: Fix MAC comparison to be constant-time
CVE-2026-434149.8 CRITICALscsi: qla2xxx: Completely fix fcport double free
CVE-2026-433049.8 CRITICALlibceph: define and enforce CEPH_MAX_KEY_LEN
CVE-2026-433419.8 CRITICALnet/ipv6: ioam6: prevent schema length wraparound in trace fill
CVE-2026-433769.8 CRITICALksmbd: fix use-after-free by using call_rcu() for oplock_info
CVE-2026-433789.8 CRITICALsmb: server: fix use-after-free in smb2_open()
CVE-2026-433799.8 CRITICALksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()
CVE-2026-434659.8 CRITICALnet/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
CVE-2026-433839.4 CRITICALnet/tcp-md5: Fix MAC comparison to be constant-time
CVE-2026-434079.1 CRITICALlibceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()
CVE-2026-434069.1 CRITICALlibceph: prevent potential out-of-bounds reads in process_message_header()
CVE-2026-432848.8 HIGHxfrm: esp: avoid in-place decrypt on shared skb frags
CVE-2026-434038.8 HIGHnsfs: tighten permission checks for ns iteration ioctls
CVE-2026-433348.8 HIGHBluetooth: SMP: force responder MITM requirements before building the pairing response
CVE-2026-433228.8 HIGHBluetooth: hci_sync: Fix UAF in le_read_features_complete
CVE-2026-433918.8 HIGHnsfs: tighten permission checks for handle opening
CVE-2026-432918.3 HIGHnet: nfc: nci: Fix parameter validation for packet data
CVE-2026-433658.2 HIGHxfs: fix undersized l_iclog_roundoff values
CVE-2026-434528.2 HIGHnetfilter: x_tables: guard option walkers against 1-byte tail reads

Showing 20 of 197 CVEs. View all on vendor page →

IV. 関連脆弱性

V. CVE-2026-43319へのコメント

まだコメントはありません


コメントを残す